Jump to content


Photo

"Use direct disk access" enalbled - System now is very very sluggish


  • Please log in to reply
4 replies to this topic

#1 Nick

Nick

    Forum Regular

  • Members
  • PipPipPipPip
  • 409 posts

Posted 17 June 2012 - 12:54 AM

Hello, this morning I did a custom scan with the latest version of the EEK (I have "installed" it on my system drive C), just to check my system as I usually do.

I have also enabled the "Use direct disk access" for the very first time. Once the scan was completed and nothing was found I rebooted my system. By the way, I'm sure that my system is clean with no malware.

Since then my system acts very sluggish, everything is slowed down. I'm not sure but the problem seems to be my local disc which has become very, very slow. During normal HD operations also the cursor moves and reacts slowy...

This issue started after enabling the "Use direct disk access" option.

Before proceeding with the EEK scan I turned off my AV.


Thank you very much for your help and sorry for my English.


System Information:

Win XP Pro SP3 (Hardware DEP)
Avast! Free AV 7.0.1426.0
Online Armor Free 5.5.0.1616
*Avast!/OA mutually excluded
HostMan/HostsServer 3.2.73 (MVPS HOSTS + hpHosts "ad/tracking servers only")
Norton DNS v2 (B-Security)


#2 Rob R.

Rob R.

    Forum Regular

  • Emsisoft Employee
  • 982 posts
  • LocationNetherlands
  • OS:Other Windows version
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor

Posted 17 June 2012 - 04:32 AM

Nick,

Could you please check the harddisk DMA mode.

It's possible that it is changed by Windows (without informing you about it) after time-outs or CRC errors.

More information here: http://support.micro...kb/817472/en-us

#3 Nick

Nick

    Forum Regular

  • Members
  • PipPipPipPip
  • 409 posts

Posted 17 June 2012 - 01:47 PM

Could you please check the harddisk DMA mode.


Thank you very much, ctrlaltdelete. I was getting mad!

I checked the hard disk DMA mode and it had been set to PIO mode from the correct ULTRA DMA mode, without any notification to the user.

I followed these:
  • Double-click Administrative Tools, and then click Computer Management.
  • Click System Tools, and then click Device Manager.
  • Expand the IDE ATA/ATAPI Controllers node.
  • Double-click the controller for which you want to restore the typical DMA transfer mode.
  • Click the Driver tab.
  • Click Uninstall.
  • When the process completes, restart your computer. When Windows restarts, the hard disk controller is re-enumerated and the transfer mode is reset to the default value for each device that is connected to the controller.
and now the faster transfer mode (ULTRA DMA) is re-enabled.


Now I guess I must avoid using "direct disk access" when scanning the system with the EEK (by the way I use the direct disk access with the Avast! Boot Scanner without any issues). Is that a known issue?

May I ask you also another question? Does the Full Scan in the EEK turn on the "direct disk access" by default?


If you need some other information (see also below) about my system/HD for future reference, let me know.

Thank you very much again for your help,
N.


--------------------------------------
Seagate Barracuda 7200.12

Device Model: ST3500418AS
Firmware Version: CC38
User Capacity: 500.107.862.016 bytes [500 GB]
Sector Size: 512 bytes logical/physical
ATA Version is: 8
ATA Standard is: ATA-8-ACS revision 4
SMART support is: Available - device has SMART capability.
SMART support is: Enabled


#4 Rob R.

Rob R.

    Forum Regular

  • Emsisoft Employee
  • 982 posts
  • LocationNetherlands
  • OS:Other Windows version
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor

Posted 17 June 2012 - 08:17 PM

Nick,

DDA (Direct Disk Access) is used by default during the rootkit scan. Certain system areas including the MBR will be scanned with DDA enabled.
There's no need to enable the Direct Disk Access for other parts of the harddisk, it will actually slow down the scan process and it's unlikely that malware is hidden in system areas that are not checked by the rootkit scan.

I've seen the same behavior (DMA mode set to PIO mode by Windows) on an old test PC i use. I manually entered the fix as described at the end of the Microsoft webpage mentioned above and that fixed the issue on the old test PC.

Make sure you have a backup of your registry before you try the fix as described on the MS webpage.

#5 Nick

Nick

    Forum Regular

  • Members
  • PipPipPipPip
  • 409 posts

Posted 17 June 2012 - 08:37 PM

Thank you, ctrlaltdelete.

So if I understood correctly, the full scan uses by default DDA but only for certain system areas.

Next time I will try the full scan instead of the custom one. If the same issue reappears, I'll manually enter that fix.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users